Panel suggests Chinese OEMs like ZTE and Huawei could face pressure to steal U.S. financial secrets

Could your router or smartphone be used to spy on you and betray your nation? That's the allegation the U.S. House of Representatives' Intelligence Committee made in a draft report [PDF] released Monday.

Congress accuses Chinese phonemakers of blocking its probe into their potential cyberespionage ties, and suggest a ban. [Image Source: U.S. Congress]

Globally, ZTE is the fourth largest maker of mobile phones, while Huawei is sixth. In the routers, switches, and telecommunications market, Huawei is the world's second largest company in revenue, while ZTE ranks fifth. Both companies are looking to expand their sales base in the U.S.

But according to Congress, the companies could face pressure from the Chinese government to include subtle hardware or software constructs to spy on U.S. communications. That could allow the theft of valuable information that could hurt U.S. companies financially or leak sensitive defense secrets.

II. ZTE, Huawei Blast "Baseless" "Political Distractions"

Both companies firmly denied the cyber-spying allegations.

William Plummer, a Washington- based spokesman for the Huawei, toldReuters, "Baseless suggestions otherwise or purporting that Huawei is somehow uniquely vulnerable to cyber mischief ignore technical and commercial realities, recklessly threaten American jobs and innovation, do nothing to protect national security, and should be exposed as dangerous political distractions from legitimate public-private initiatives to address what are global and industry-wide cyber challenge."

ZTE released a statement highlighting that it was not owned by China's ruling Communist Party. It writes, "ZTE is committed to provide maximum cybersecurity through transparent, comprehensive, and continuous standards-based assessments of ZTE software, firmware, and hardware."

Chinese government officials were also quick to deny they were applying pressure on their domestic electronics firms to spy on the U.S. Commented Foreign Ministry spokesman Hong Lei, "Chinese telecommunications companies have conducted their international operations based on market-economy principles. Their investments in the U.S. reflect the mutual benefits brought about by U.S.-China trade relations."

III. Huawei, Founded by ex-PLA Officer, is Client of PLA's Cyberwar Unit

But there is some compelling evidence that Huawei may have a close relationship with cyberwar units inside China's "Peoples Liberation Army" (PLA). A source gave a document tying Huawei to an "elite cyber-warfare unit" in the PLA, which the company was contracted to provide "special network services" to. Huawei's founder and chief executive Ren Zhengfei is a former PLA officer.

Ren Zhengfei, founder and CEO of Huawei, is a former PLA officer. [Image Source: CFP]

Previously, U.S. regulators had blocked Huawei/ZTE acquisitions of domestic communications equipment manufacturers on similar grounds. Huawei attempted to acquire 3Com Corp. in 2008 for $2.2B USD, but the deal was blocked on security concerns. Instead, Hewlett-Packard Comp. (HPQ) ended up scooping up the company for $2.7B USD. Likewise the 2011 sale of sale of patents from 3Leaf Systems Inc. was unwound on similar security concerns.

But until now there had been no suggestion to directly ban ZTE or Huawei from the commercial communications market or the consumer electronics market. But that is precisely the unprecedented recommendation the panel -- led by Rep. Mike Rogers (R-MI) -- is making.

While the companies strongly deny its claims, the panel complains that both companies failed to cooperate fully with the investigation and tried to dishonestly disguise their relationships with the Chinese government.

I would presume if this is correct that the idea is that it would be a way of extracting information from machines that are not connected to the internet.

Pull some data off of a non-internet connected machine that it was plugged into, store it in a location that is hidden to the user, and then when the thumb drive is connected to a computer that does have internet, upload it.

Some systems are intentionally kept off the internet for security reasons. It seems like the odds of successfully getting the information you want are low, but I guess maybe they'd figure it's worth a shot.

I guess I will be sticking with my Japanese-made Taiyo Yudens then. Who knows if there is a hidden partition on there, but at least if the Japanese get a hold of my sex tapes they will legally have to censor them.

Well you did a great job insulting me, but once again failed to provide any evidence for your tinfoil hat statement...

quote: The reason the DoD banned thumb drives from machines is because they found that Chinese built drives were programmed to steal information from the PC they were plugged into and send it back to China.

So I'll say it once again. Where do you guys come up with all this radical anti-foreign-policy America 'fuck yeah' load of crap?

You guys are ridiculous. Banning imports of any product is suicidal to foreign affairs, let alone our economy. Look what the ITC/Customs hold-up did to HTC 6 months ago. They are PISSED OFF at us because it was clearly a anti-competitive, politically motivated move by Apple.

We don't need to ban products, we simply need a system that inspects and verifies them for function inside the United States. The FTC tests radio interference. Why doesn't ITC thoroughly/randomly inspect products from every crate of electronics that comes shore? It'd help create some legitimate jobs at least.

Any sources..? Very interesting subject, so I tried a few web searches to no avail..

As I recall from back in '09 or so, the Dep't of Homeland Security released a new addition to it's standard security policy urging governmental agencies to wean themselves off of thumb-drive usage. Though I'm sure that the bargain-bin thumbdrives pre-loaded with trojans (nothing to do with the Chinese gov't as far as I ever heard) that were common at the time were indeed an issue, I'm sure this had much more to do with the rash of massive losses of data involving the use of thumb-drives by contracted entities hired by various gov't agencies. One instance happened here in my own home state of OH; where it was common practice for a contracted private company working for the office of the Secretary of State to store all their data daily on a thumbdrive and send it home with a random employee each night. An intern assigned the task ended up having the thumb-drive stolen from their car while parked in a BB parking lot resulting in 30k OH public employees having their personal info along with 110k citizens who hadn't cashed their tax return stolen, prompting them to place this holy grail of a thumb-drive in a fire-proof safe instead.. *roll eyes*

So.. I really doubt that had anything to do with China.. just common sense as far as security goes.

Umm... I highly doubt Chinese made USB drives come pre-programmed with virii et al. You are probably thinking of the counterfeit Cisco routers from China from back in 2008 that in addition to being shoddy and catching fire, would leave back doors open. http://www.businessweek.com/stories/2008-10-01/the...

The issue with USB drives is that people take their USB drives home, work, Target, Walmart, and wherever and plug them into anything with a USB slot. Essentially whoring them out to every computer they run across, and since they are writable by every computer they get put into, it opens them up to infection from god knows what. Then people unknowingly take their USB drives back to work and plug them into their work computers infecting them and the networks they are on.